Question: 1


What are three portals provided by PSN? (Choose three.) 


A. Monitoring 

B. Troubleshooting 
C. Sponsor 

D. Guest 

E. My devices 

F. Admin 


Answer: C, D, E 


Question: 2 


A customer is concerned with the use of the issued laptops even when devices are not on the 
corporate network. Which agent continues to be operational even when the host is not on the Cisco 
ISE network? 


A. Cisco ISE Agent 

B. Cisco NAC Agent 

C. Cisco Custom Agent 
D. Cisco NAC Web Agent 


Answer: B 


Question: 3 


A company has implemented a dual SSID BYOD design. A provisioning SSID is used for user 
registration, and an employee SSID is used for company network access. How is the layer 2 security 
of the provisioning SSID configured? 


A. 802.1X 

B. Open 

C. WPA2 

D. MAC filtering disabled 


Answer: B


Question: 4 


A company has implemented a dual SSID BYOD design. A provisioning SSID is used for user 
registration, and an employee SSID is used for company network access. Which controller option 
must be enabled to allow a user to switch immediately from the provisioning SSID to the employee 
SSID after registration has been completed? 


A. AAA override 

B. User Idle Timeout 
C. Fast SSID Change 
D. AP Fallback 


Answer: C 


Question: 5 


An engineer must enable SGACL policy globally for a Cisco TrustSec-enabled routed interface. Which
command must be used?


A. cts role-based monitor enable

B. cts role-based enforcement

C. cts role-based sgt-caching with-enforcement

D. cts role-based monitor permissions from {sgt_num} to {dgt_num} [ipv4 | ipv6]


Answer: B 


Question: 6 


What two values does Cisco recommend you adjust and test to set the optimal timeout value for 
your network’s specific 802.1X MAB deployment? 


A. Max-reauth-req
B. Supp-timeout 
C. Max-req 

D. Tx-period 

E. Server-timeout 


Answer: A, D 


Question: 7


Refer to the exhibit.

[Exhibit: flowchart. Surviving labels: Traffic Flows, Dot1X AuthC?, Dot1X Timeout, Authentication Method, AuthC Success?, Status, Access, Final Port]


Which ISE flow mode does this diagram represent? 


A. Closed mode 

B. Monitor mode 

C. Application mode 
D. Low-impact mode 


Answer: B 


Question: 8 


Which two protocols does Cisco Prime Infrastructure use for device discovery? (Choose two.) 


A. SNAP 
B. LLDP 
C. RARP 
D. DNS 
E. LACP


Answer: BD 


Question: 9 


An engineer is designing a BYOD environment utilizing Cisco ISE for devices that do not support
native supplicants. Which portals must the security engineer configure to accomplish this task?


A. Client Provisioning Portals 
B. BYOD Portals 

C. My Devices Portals 

D. MDM Portals 


Answer: C 


Question: 10 


An engineer must limit the configuration parameters that can be executed on the Cisco ASAs
deployed throughout the network. Which command allows the engineer to complete this task?


A. AAA-server tacacs1 (inside) host 10.5.109.18 S3cr37 timeout 2
   aaa authorization command tacacs1

B. AAA-server tacacs1 (inside) host 10.5.109.18 S3cr37 timeout 2
   aaa authentication ssh console tacacs1

C. AAA-server tacacs1 (inside) host 10.5.109.18 S3cr37 timeout 2
   aaa authorization exec authentication-server

D. AAA-server tacacs1 (inside) host 10.5.109.18 S3cr37 timeout 2
   aaa authentication exclude ssh


Answer: A 


Question: 11 


Refer to the exhibit.

[Exhibit: network diagram. Surviving labels: Ingress router, Cisco TrustSec]


If the host sends a packet across the Cisco TrustSec domain, where is the SGACL enforced? 


A. At the egress router 

B. Dynamically at the host 

C. After the packet enters the Cisco TrustSec domain 
D. At the ingress router. 


Answer: A 


Question: 12 


Which type of SGT propagation does a WLC in a data center require? 


A. SXP 

B. SGT Reflector 

C. SGT inline tagging 
D. SGT Reflector 


Answer: C 


Question: 13 


Which two accounting types are used to implement accounting with RADIUS? (Choose two.) 


A. Network 
B. User 

C. Attribute 
D. Device 
E. Resource 


Answer: AE 


Question: 14


Which functionality does the Cisco ISE BYOD flow provide? 


A. It provides support for native supplicants, allowing users to connect devices directly to the 
network. 

B. It provides the My Devices portal, allowing users to add devices to the network. 

C. It provides support for users to install the Cisco NAC agent on enterprise devices. 

D. It provides self-registration functionality to allow guest users to access the network. 


Answer: A 


Question: 15 


Which description of SXP is true? 


A. applies SGT along every hop in the network path 

B. propagates SGT on a device upon which SGT inline tagging is unsupported 
C. removes SGT from every hop in the network path

D. propagates SGT on a device which inline tagging is supported 


Answer: B 


Reference:
https://www.cisco.com/c/dam/en/us/solutions/collateral/borderless-networks/trustsec/C07-730151-00_overview_of_trustSec_og.pdf


Question: 16 


You must recover a wireless client from quarantine. You disconnect the client from the network. 
Which action do you take next? 


A. Reboot the client machine after the idle timeout period expires. 
B. Start a manual reassessment 
C. Reconnect to the network after the idle timeout period expires. 
D. Turn off the MIC of the client 


Answer: C 


Reference:
https://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_pos_pol


Question: 17 


Which internal Cisco ISE component reduces demand on JVM memory by limiting the number of 
devices the profiler handles? 


A. eventHandlerQueueSize

B. maxEndPointsInLocalDb

C. NetworkDeviceEventHandler
D. forwarderQueueSize 


Answer: A 


Question: 18 


Which action do you take to define the global authorization exception policy by using a Device Admin 
Policy Set? 


A. Configure the policy by using Proxy Sequence mode. 
B. Configure a rule-based condition in a policy set. 

C. Define the policy for each group of devices. 

D. Define the policy by configuring a standard profile 


Answer: B 


Question: 19 


In the redirect URL authorization attribute, which Cisco ISE node acts as the web server when 
performing CWA? 


A. Administration 
B. Monitoring 

C. Policy Service 
D. pxGrid 


Answer: C 


Reference:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/admin_guide/b_ise_admin_guide_23/b_ise_admin_guide_23_chapter_01111


Question: 20


Which two protocols are supported with the Cisco IOS Device Sensor? (Choose two.) 


A. SNMP 

B. Cisco Discovery Protocol 
C. RADIUS 

D. LLDP 

E. NetFlow 


Answer: B, D 


Explanation: 

The Device Sensor feature is used to gather raw endpoint data from network devices using protocols such
as Cisco Discovery Protocol (CDP), Link Layer Discovery Protocol (LLDP), and DHCP. The endpoint data
is made available to registered clients in the context of an access session.

Reference:
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750/software/release/15-0_1_se/device_sensor/guide/sensor_guide


Question: 21 


What sends the redirect ACL that is configured in the authorization profile back to the Cisco WLC? 


A. Event 

B. Cisco-av-pair 
C. State attribute 
D. Class attribute 


Answer: B 




Question: 22 


While troubleshooting a posture assessment issue on a Windows PC, the NAC Agent is not popping 
up as expected. Which two logs would help in isolating the issue? (Choose two.) 


A. Cisco AnyConnect ISE posture logs 
B. NAC agent logs 

C. Dart bundle 

D. Cisco ISE profiler log file 

E. Cisco ISE ise-psc.log file 


Answer: DE


Question: 23 


A manager of Company A is hosting a conference. Conference participants use a code on the AUP
page of the hot-spot guest portal. Which code must the manager create on Cisco ISE before the
meeting?


A. user code 

B. pass code 

C. access code 

D. registration code 


Answer: C 


Question: 24 


Which command is needed to enable dot1x globally on the switch?


A. aaa authentication dot1x default group radius
B. dot1x system-auth-control

C. dot1x pae authenticator

D. authentication port-control auto 


Answer: B 


Reference:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_8021x/configuration/xe-3se/3850/secuser-8021x-xe-3se-3850-book/config-ieee-802x-pba


Question: 25 


DRAG DROP 
Drag and drop the portals from the left onto the correct portal tasks on the right. 

Request a certificate for a device that is unable to use onboarding support.


Answer: 


Reference:
https://www.cisco.com/c/en/us/td/docs/security/ise/1-4/admin_guide/b_ise_admin_guide_14/b_ise_admin_guide_14_chapter_010000


Question: 26 


DRAG DROP
Drag and drop each posture assessment outcome from the left onto the appropriate definition on the
right.

Outcomes (left, as the labels survive): content, noncompliant

Definitions (right):

NAC agent determined something on the endpoint is in violation of the defined security policy.

NAC agent on the endpoint determined that the software assessment on the endpoint adheres to the security policy.

The endpoint failed to report a posture assessment to ISE.


Answer: 


Question: 27 



Drag and drop the BYOD user experiences on an iPad on the left into the correct order on the right. 


The CSR is generated on the endpoint and is sent to the Cisco ISE, which forwards it to the SCEP server


The user opens a web browser and is redirected to a registration portal


A CoA is issued and the endpoint is reconnected to the network with the proper access


The endpoint installs a signed certificate that is returned from the Cisco ISE along with the wireless network setting


The endpoint authenticates to secure SSID using the username and password


Answer:


1. The endpoint authenticates to secure SSID using the username and password

2. The user opens a web browser and is redirected to a registration portal

3. The CSR is generated on the endpoint and is sent to the Cisco ISE, which forwards it to the SCEP server

4. The endpoint installs a signed certificate that is returned from the Cisco ISE along with the wireless network setting

5. A CoA is issued and the endpoint is reconnected to the network with the proper access


Question: 28 


In this simulation, you are tasked with examining the various authentication events using the ISE GUI. For
example, you should see events such as Authentication succeeded, Authentication failed, etc.

[Exhibit: topology diagram and ISE dashboard screenshot. Surviving topology labels: CAT 3560-X, Network Printer, Secure-X Corporate Internal Network, AnyConnect NAM Employee PCs, Standalone Deployment 10.10.2.20. Dashboard panels: Metrics, System Summary, Alarms, Authentications, Profiler Activity, Posture Compliance]


Which four statements are correct regarding the event that occurred at 2014-05-07 00:19:07.004? 
(Choose four.) 


A. The IT_Corp authorization profile was applied.

B. The it1 user was matched to the IT_Corp authorization policy. 

C. The it1 user supplicant used the PEAP (EAP-MSCHAPv2) authentication method. 
D. The it1 user was authenticated using MAB. 

E. The it1 user was successfully authenticated against AD1 identity store. 

F. The it1 user machine has been profiled as a Microsoft-Workstation. 

G. The it1 user machine has passed all the posture assessment tests.


Answer: B,C,E,F 


Explanation: 
Here are the details shown for this event: 


[Screenshot: ISE authentication event details, with Overview, Authentication Details and Other Attributes panels]


Question: 29 


In this simulation, you are tasked with examining the various authentication events using the ISE GUI. For
example, you should see events such as Authentication succeeded, Authentication failed, etc.

[Exhibit: topology diagram and ISE dashboard screenshot. Surviving topology labels: CAT 3560-X, Network Printer, Secure-X Corporate Internal Network, AnyConnect NAM Employee PCs, Standalone Deployment 10.10.2.20. Dashboard panels: Metrics, System Summary, Alarms, Authentications, Profiler Activity, Posture Compliance]


Which three statements are correct regarding the events with the 20 repeat count that occurred at 
2014-05-07 00:22:48.748? (Choose three.) 


A. The device was successfully authenticated using MAB.

B. The device matched the Machine_Corp authorization policy.
C. The Print Servers authorization profile was applied.

D. The device was profiled as a Linksys-PrintServer. 

E. The device MAC address is 00:14:BF:70:B5:FB. 


F. The device is connected to the Gi0/1 switch port and the switch IP address is 10.10.2.2. 


Answer: A, D, E


Event Details:

[Screenshot: ISE authentication event details, with Overview, Authentication Details and Other Attributes panels]

Question: 30 


In this simulation, you are tasked with examining the various authentication events using the ISE GUI. For
example, you should see events such as Authentication succeeded, Authentication failed, etc.

[Exhibit: topology diagram and ISE dashboard screenshot. Surviving topology labels: CAT 3560-X, Network Printer, Secure-X Corporate Internal Network, AnyConnect NAM Employee PCs, Standalone Deployment 10.10.2.20. Dashboard panels: Metrics, System Summary, Alarms, Authentications, Profiler Activity, Posture Compliance]


Which two statements are correct regarding the event that occurred at 2014-05-07 00:22:48.175? 
(Choose two.) 


A. The DACL will permit http traffic from any host to 10.10.2.20 
B. The DACL will permit http traffic from any host to 10.10.3.20 
C. The DACL will permit icmp traffic from any host to 10.10.2.20 
D. The DACL will permit icmp traffic from any host to 10.10.3.20 
E. The DACL will permit https traffic from any host to 10.10.3.20 


Answer: A, E 


Event Details: 

[Screenshot: DACL download event details]

Result
State ReauthSession 030302 1490000006353697 CDS
Class CACS 0 20 202140000006353697 CDS -ise/188683442/376
cisco-av-pair ip:inacl#1=deny icmp any host 10.10.2.20
cisco-av-pair ip:inacl#2=deny icmp any host 10.10.3.20
cisco-av-pair ip:inacl#3=deny tcp any host 10.10.3.20 eq 80
cisco-av-pair ip:inacl#4=permit ip any any